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EXAMINER'S AMENDMENT 

1. An examiner's amendment to the record appears below. Should the changes and/or 
additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 
1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the 
payment of the issue fee. 

2. Authorization for this examiner's amendment was given in a telephone interview with 
Mr. John D. Lanza Reg. No. 40,060 on 03/03/2010 and communications with his associate Mia 
K. Fiedler on 3/16/2010. 

3. Pursuant to MPEP 606.01 the title has been changed to read: 

- SYSTEM FOR VIRTUALIZING ACCESS TO NAMED SYSTEM OBJECTS 
USING RULE ACTION ASSOCIATED WITH REQUEST- 

4. The following claims had been amended: 

This listing of claim will replace all prior versions and listings of claims in the application: 

1. (Currently Amended) A method for virtualizing access to named system 
objects, the method comprising instructing a suitably programmed computer to perform 
the steps of: 

(a) receiving a request to access a system object stored in a memory element 
provided by a computer, the request received from a process executing in a context of an 
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isolation environment, the isolation environment comprising an application isolation 
layer and a user isolation layer, the request including a virtual name for the system object; 

(b) selecting, by the computer, a rule action associated with the request, the 
selection responsive to the request received from the process executing in the context of 
the isolation environment, and determining that a rule action from a group consisting of 
ignore, redirect and isolate, is associated with the request; 

(c) forming a literal name for the system object in response to the selected 
rule action; and 

(d) issuing^ to an operating system executing on the computer, a request to 
access the system object, the request including the literal name for the system object. 

2. (Currently Amended) The method of claim 1 wherein the system object is 
selected from a^group consisting of a semaphore, a mutex, a mutant, a timer, an event, a 
job object, a file-mapping object, a section, a named pipe, and a mailslot. 

3. (Currently Amended) The method of claim 1 wherein step (a) further comprises 
receiving, from a hooking function, the request to access the system object from the 
process executing in the context of the isolation environment. 



4. (Currently Amended) The method of claim 1 wherein the request to access the 
system object comprises a request to open the system object. 
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5. (Currently Amended) The method of claim 1 wherein the request to access the 
system object further comprises a request to create the system object. 

6. (Canceled) 

7. (Currently Amended) The method of claim 1 wherein step (b) further 
comprises accessing a rules engine to determine tiie rule action associated with the virtual 
name included in the request. 

8. (Currently Amended) The method of claim 1 wherein step (c) further comprises 
forming the literal name for the system object stored in the memory element provided by 
the computer using the virtual name provided in the request and a session -specific 
identifier. 

9. (Currently Amended) The method of claim 1 wherein step (c) further comprises 
forming tiie literal name for the system object stored in the memory element provided by 
the computer using the virtual name provided in the request and an application -specific 
identifier, the application -specific identifier associated with the application isolation layer 
with which the process making the request is associated. 

10. (Currently Amended) The method of claim 1 wherein step (c) further 

comprises forming the literal name for the system object stored in the memory element 
provided by the computer using the virtual name provided in the request and a user - 
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specific identifier, the user -specific identifier associated with the user isolation layer in 
which the process making the request executes. 

11. (Previously Amended) The method of claim 1 wherein step (c) further 
comprises the step of forming the literal name for the system object stored in the memory 
element provided by the computer identifying the system object as having global 
visibility. 

12. (Previously Amended) The method of claim 1 wherein step (c) further 
comprises the step of forming the literal name for the system object stored in the memory 
element provided by the computer identifying the system object as having session 
visibility. 

13. (Previously Amended) The method of claim 1 wherein step (c) comprises 
forming the literal name for the system object stored in the memory element provided by 
the computer that is identical to the virtual name provided in the request. 

14. (Currently Amended) The method of claim 1 further comprising the step of 
receiving a handle from the operating system identifying the accessed system o bject. 



15. (Original) The method of claim 14 further comprising the step of transmitting 
the handle to the process. 
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16. (Currently Amended) The method of claim 1 further comprising receiving a 
second request to access the system object from a second process executing in a^context 
of a second isolation environment comprising a second application isolation layer and a 
second user isolation layer, the second r equest including the virtual name for the object. 

17. (Currently Amended) The method of claim 16 wherein step (c) further 
comprises forming, responsive to the second request received from the second process 

executing in the context of the second isolation environment, a literal name for the 
system object using the virtual name provided in the second request and a session- 
specific identifier. 

18. (Currently Amended) The method of claim 17 wherein step (c) further 
comprises forming the literal name for the system object stored in the memory element 
provided by the computer using the virtual name provided in the second r equest and m 
application- specific identifier, the application -specific identifier associated with tiie 
application isolation laver w ith which the second process making the second r equest is 
associated. 

19. (Currently Amended) The method of claim 17 wherein step (c) further 
comprises forming the literal name for the system object stored in the memory element 
provided by the computer using the virtual name provided in the second r equest and a 
user-specific identifier, the user-specific identifier associated with the second user 
isolation layer in which the second process making the second request executes. 
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20. (Currently Amended) The method of claim 16 wherein step (c) further 
comprises forming the literal name for the system object stored in the memory element 
provided by the computer that is identical to the virtual name provided in the second 
request. 

21. (Previously Presented) The method of claim 1 further comprising the step of 
receiving a request to access the system object from a second process executing in the 
context of the user isolation layer, the request including the virtual name for the object. 

22. (Currently Amended) The method of claim 21 wherein step (c) further 
comprises forming, responsive to the request received from the second process executing 
in the context of the isolation environment, the literal name for the system object using 
the virtual name provided in the request and a session-specific identifier. 

23. (Currently Amended) The method of claim 22 wherein step (c) further 
comprises forming the literal name for the system object using the virtual name provided 

in the request and an application -specific identifier, the application -specific identifier 
associated with the application isolation layer w ith which the second process making the 
request is associated. 

24. (Currently Amended) The method of claim 22 wherein step (c) further 
comprises forming the literal name for the system object using the virtual name provided 
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in the request and a user- specific identifier, ttie user -specific identifier associated with the 
user isolation layer in which the second process making the request executes. 

25. (Currently Amended) The method of claim 21 wherein step (c) further 
comprises forming thejiteral name for the system object that is identical to the virtual 
name provided in the request. 

26. (Currently Amended) An article of manufacture having executable 
instructions stored thereon when the instructions are executed by a computer, causing the 
computer to virtualize access to named system objects, the article of manufacture 
comprising: 

computer-readable program means for receiving a request to access a system 
object from a process executing in a context of an isolation environment, the isolation 
environment comprising an application isolation layer and a user isolation layer, the 
request including a virtual name for the system object; 

computer-readable program means for selecting by the computer, a rule action 
associated with the request, the selection responsive to the request received from the 
process executing in the context of the isolation environment, and determining that a rule 
action from a group consisting of ignore, redirect and isolate is associated with the 
request: 

computer-readable program means for forming a literal name for the system 
object responsive to the selected rule action : and 
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computer-readable program means for issuing, to an operating system executing 
on the computer, a request to access the system object, the request including the literal 
name for the system object. 

27. (Currently Amended) The article of manufacture of claim 26 wherein the 
computer-readable program means for receiving the request fiirther comprises_a request 
to open tiie system object. 

28. (Currently Amended) The article of manufacture of claim 26 wherein the 
computer-readable program means for receiving the request further comprises_a request 
to create the svstem object. 

29. (Currently Amended) The article of manufacture of claim 26 further 
comprising computer-readable program means for storing the r ule action associated with 
the request. 

30. (Currently Amended) The article of manufacture of claim 29 wherein the 
computer-readable program means for storing the rule action further comprises a 
database. 

31. (Currently Amended) The article of manufacture of claim 26 wherein the 
computer-readable program means for forming the literal name for the system object 
further comprises forming the literal name for the system object that is identical to the 
virtual name. 
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32. (Currently Amended) The article of manufacture of claim 26 wherein the 
computer-readable program means for forming the literal name for the system object 
further comprises forming the literal name for the system object using the virtual name 
and a session -specific identifier. 

33. (Currently Amended) The article of manufacture of claim 32 wherein an 
application -specific identifier is associated with the apphcation isolation layer with which 
the process making the request is associated. 

34. (Currently Amended) The article of manufacture of claim 32 wherein a user - 
specific identifier is associated with the user isolation layer in which the process making 
the request executes. 

5. Any comments considered necessary by applicant must be submitted no later than the 
payment of the issue fee and, to avoid processing delays, should preferably accompany the issue 
fee. Such submissions should be clearly labeled "Cortmients on Statement of Reasons for 
Allowance". 

Conclusion 

6. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to WILLY W HUARACHA whose telephone number is (571) 270- 
55 10. The examiner can normally be reached on M-F 8:30am to 6:00pm, EST. 
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7. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Meng-Ai T. An can be reached on 571-272-3756. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

8. Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Meng-Ai An/ 


/Willy W. Huaracha/ 


Supervisory Patent Examiner, Art Unit 2195 


Examiner, Art Unit 2195 



